{"id":17289998,"url":"https://github.com/mhaggis/hunt-detect-prevent","last_synced_at":"2025-07-19T15:04:11.714Z","repository":{"id":77471991,"uuid":"78612713","full_name":"MHaggis/hunt-detect-prevent","owner":"MHaggis","description":"Lists of sources and utilities utilized to hunt, detect and prevent evildoers. ","archived":false,"fork":false,"pushed_at":"2018-12-10T15:57:21.000Z","size":2094,"stargazers_count":165,"open_issues_count":2,"forks_count":41,"subscribers_count":22,"default_branch":"master","last_synced_at":"2025-04-14T11:51:21.949Z","etag":null,"topics":["hunt","microsoft","powershell"],"latest_commit_sha":null,"homepage":null,"language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/MHaggis.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-01-11T07:13:13.000Z","updated_at":"2025-03-06T08:39:19.000Z","dependencies_parsed_at":"2023-04-23T08:47:16.513Z","dependency_job_id":null,"html_url":"https://github.com/MHaggis/hunt-detect-prevent","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/MHaggis/hunt-detect-prevent","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MHaggis%2Fhunt-detect-prevent","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MHaggis%2Fhunt-detect-prevent/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MHaggis%2Fhunt-detect-prevent/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MHaggis%2Fhunt-detect-prevent/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/MHaggis","download_url":"https://codeload.github.com/MHaggis/hunt-detect-prevent/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MHaggis%2Fhunt-detect-prevent/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265950398,"owners_count":23853753,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hunt","microsoft","powershell"],"created_at":"2024-10-15T10:36:41.065Z","updated_at":"2025-07-19T15:04:11.696Z","avatar_url":"https://github.com/MHaggis.png","language":"PowerShell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# hunt-detect-prevent\n\nLists of sources and utilities to hunt, detect and prevent evildoers.\n\n\n# Hunt, Detect \u0026 Prevent -- Resources\n\n**AD Security**\n\nhttps://jimshaver.net/2016/02/14/defending-against-mimikatz/\n\nhttps://adsecurity.org/?p=559\n\n**Microsoft EMET**\n\nhttps://support.microsoft.com/en-us/kb/2458544\n\n**Microsoft ATA**\n\nhttps://blogs.technet.microsoft.com/enterprisemobility/2016/12/12/will-advanced-threat-analytics-help-me-with-non-windows-oss/\n\n**Microsoft File Screening**\n\nhttp://olivermarshall.net/using-file-screening-to-help-block-cryptolocker/\n\nhttp://blog.netwrix.com/2016/04/11/ransomware-protection-using-fsrm-and-powershell/\n\n**Threat Hunting**\n\nhttps://github.com/ThreatHuntingProject/ThreatHunting\n\n**Powershell**\n\nLog hunting with powershell\n\nhttp://909research.com/windows-log-hunting-with-powershell/\n\nhttps://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/increased-use-of-powershell-in-attacks-16-en.pdf\n\nhttps://isc.sans.edu/diary/21829\n- powershell blocked via windows firewall (same for cscript/wscript)\n\nPOSH to read event logs\n- http://www.tinyurl.com/504extra2\n\nhttps://files.sans.org/summit/DFIR_Summit_Prague_2016/PDFs/PowerShell-obFUsk8tion-Techniques-David-Bohannon.pdf\n\nhttps://www.fireeye.com/blog/threat-research/2016/02/greater_visibilityt.html\n\n\n**Windows event forwarding**\n\nhttps://blogs.technet.microsoft.com/russellt/2017/05/09/project-sauron-introduction/\n\nhttps://blogs.technet.microsoft.com/jepayne/2015/11/23/monitoring-what-matters-windows-event-forwarding-for-everyone-even-if-you-already-have-a-siem/\n\nhttp://909research.com/sysmon-the-best-free-windows-monitoring-tool-you-arent-using/\n\nhttps://blogs.technet.microsoft.com/wincat/2008/08/11/quick-and-dirty-large-scale-eventing-for-windows/\n\n\n**EDR**\n\nCarbonBlack\n\nlimacharlie\n\nOSQuery\n\n**Logging**\n\nLogging debrief--\n\nhttps://www.malwarearchaeology.com/logging/\n\n[ELK](https://www.elastic.co/products)\n\n[Graylog](https://www.graylog.org/)\n\n[Splunk](https://www.splunk.com/)\n\n[alienvault](https://www.alienvault.com/)\n\n**SCCM**\n\nhttps://www.fireeye.com/blog/threat-research/2016/12/do_you_see_what_icc.html\n\nhttps://github.com/PowerShellMafia/PowerSCCM\n\n**Recommended reading:**\n\nhttps://github.com/subTee\n\nhttps://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/\n\nhttp://seclist.us/powermemory-v1-4-exploit-the-credentials-present-in-files-and-memory.html\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmhaggis%2Fhunt-detect-prevent","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmhaggis%2Fhunt-detect-prevent","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmhaggis%2Fhunt-detect-prevent/lists"}